Skip to main content

Role Directory

A role is a set of authorized operations on specific types of resources.

Roles are assigned within permissions, the role applies to the access area specified in the permission, for more information see Access Control in Servercore Products.

Some roles may only be assigned to a specific access area, and may have a different set of managed resources in different access areas.

member

User with full access to all services.Unavailable access control: users, service users, user groups, federations.

Access areas
  • Account;
  • project
Who can be prescribed
  • Users;
  • to service users;
  • user groups
Available operations

In the Account access area:

  • management of projects, their limits and quotas;
  • billing management;
  • resource management across all projects;
  • management of resources outside of projects;
  • working with audit logs.

In the access area Project:

  • management of the resources of the selected project.

billing

User with access to billing management and without access to service management.

Access areasAccount
Who can be prescribed
  • Users;
  • to service users;
  • user groups
Available operations
  • Billing Management:
    • replenishment of balance and transfer of funds between balances;
    • management of auto-account, monthly payments, payment deferrals;
    • balance notification management;
    • bank card management;
    • viewing of reporting documents;
    • managing the affiliate program and withdrawal of funds;
  • view connected services and service statuses.

iam_admin

User with access to user management and without access to services and billing.Cannot manage his account: change permissions, manage notifications, delete user.The first user with the iam_admin role is created by the Account Owner.

Access areasAccount
Who can be prescribed
  • Users;
  • to service users;
  • user groups
Available operations

reader

A user with access to view everything he controls member in the same access area.

Access areas
  • Account;
  • project
Who can be prescribed
  • Users;
  • to service users;
  • user groups
Available operations

In the Account access area:

  • View resources in all projects, as well as resources that are not attached to a project;
  • view the settings of all projects, their limits and quotas;
  • viewing of billing data (balance, bank cards, report documents, partner program, etc.)

In the access area Project:

  • view the resources of the selected project

object_storage:admin

A user with full access to S3 management within a project.Does not have access to S3 in other projects or other products in their project.Read more in the Manage Access in S3 instructions.

Access areasproject
Who can be prescribedService users
Available operations
  • View the list of bucket list in the project;
  • viewing the contents of the bins;
  • management of objects in the bucket (loading, modification, deletion, etc.);
  • changing the settings of the buckets;
  • configuring the bucket access policy

object_storage_user

A user with access to the S3 bucket if an access policy is configured in  the bucket that allows access to the bucket for that user, more details in the Manage Access in S3 instructions .The level of access is determined by the access policy settings.Does not have access to S3 in other projects and other products in his project.

Distinguished from a user with the role s3.bucket.user user only has access to viewing the list of bucket in the project.

Access areasproject
Who can be prescribedService users
Available operations
  • View the list of bucket list in the project;
  • operations in the buckets that are allowed by the access policy.

s3.bucket.user

A user with access to the S3 bucket if an access policy is configured in  the bucket that allows access to the bucket for that user, see the Manage Access in S3 instructions for details. The level of access is determined by the access policy settings.Does not have access to S3 in other projects or other products in their project.

Distinguished from a user with the role object_storage_user differs from the user with the object_storage_user role only by the fact that he/she does not have access to viewing the list of bins in the project.

Access areasproject
Who can be prescribedService users
Available operationsOperations in the Bucket that are allowed by the Bucket policy

global_router.admin

A user with access to manage global router management in the account.Does not have access to other products.For more information, see the Manage Global Router Access instructions.

Access areasAccount
Who can be prescribed
  • Users;
  • to service users;
  • user groups
Available operations
  • View a list of global routers, the networks and subnets connected to them, and a list of static routes on the router;
  • Create, modify, and delete global routers;
  • adding, modifying, and deleting static routes on a global router;
  • Change the name of the networks and subnets connected to the global router.

Other operations on global router networks additionally require the role member (Project or Account access area):

  • Connect to a global router on an existing or new network and subnet of the cloud platform;
  • connect to the global router of an existing or new network and a subnet of dedicated servers;
  • Removing the cloud platform network or subnet from the global router network, including removing the cloud platform network or subnet itself;
  • Removing a network or subnet of dedicated servers from the global router network

global_router.viewer

A user with access to view global routers and their networks.Does not have access to other products.Read more in the Manage Global Rou ter Access instructions.

Access areasAccount
Who can be prescribed
  • Users;
  • to service users;
  • user groups
Available operationsView a list of global routers, networks and subnets connected to them, a list of static routes on the router

mobile_farm_admin

User with full access to manage the mobile farm in their project.Does not have access to the mobile farm in other projects and other products in their project.Read more in the Manage Access to Mobile Farm instructions.

Access areasproject
Who can be prescribed
  • Users;
  • to service users;
  • user groups
Available operations
  • View mobile farm consumption;
  • Adding and removing mobile farm devices;
  • utilization of mobile farm devices;
  • mobile farm tariff change;
  • adding ADB keys to your profile

mobile_farm_user

User with access to use Mobile Farm devices in their project.Does not have access to Mobile Farm in other projects and other products in their project.More information in the Manage Mobile Farm Access instructions.

Access areasproject
Who can be prescribed
  • Users;
  • to service users;
  • user groups
Available operations
  • View mobile farm consumption;
  • utilization of mobile farm devices;
  • adding ADB keys to your profile

mobile_farm_viewer

User with access to view devices and consume the mobile farm in their project.Does not have access to the mobile farm in other projects and other products in their project.Read more in the Manage Mobile Farm Access instructions.

Access areasproject
Who can be prescribed
  • Users;
  • to service users;
  • user groups
Available operations
  • View mobile farm consumption;
  • Mobile Farm Device Viewer;
  • adding ADB keys to your profile